基于计数布隆过滤器的属性基多关键词可搜索加密方案

doi:10.11959/j.issn.1000-0801.2023237

电信科学 ›› 2023, Vol. 39 ›› Issue (11): 116-127.doi: 10.11959/j.issn.1000-0801.2023237

• 研究与开发 • 上一篇

基于计数布隆过滤器的属性基多关键词可搜索加密方案

李志单¹, 陈勇群¹^,², 王巍¹^,²

¹ 中国电子科技集团公司第三十六研究所，浙江嘉兴 314033
² 电磁空间安全全国重点实验室，浙江嘉兴 314033

修回日期:2023-11-14 出版日期:2023-11-01 发布日期:2023-11-01
作者简介:李志单（1989- ），男，博士，中国电子科技集团公司第三十六研究所工程师，主要研究方向为网络安全、信息安全、公钥密码等
陈勇群（1987- ），男，博士，中国电子科技集团公司第三十六研究所高级工程师，主要研究方向为网络安全、无线网络安全、网络协议分析
王巍（1980- ），男，博士，中国电子科技集团公司第三十六研究所研究员、技术创新部主任、电磁空间安全全国重点实验室常务副主任，主要研究方向为无线网络安全、网络协议分析、电子对抗网络安全等
基金资助:
国家自然科学基金资助项目(U20B2050)

Attribute-based multi-keyword searchable encryption scheme based on counting Bloom filters

Zhidan LI¹, Yongqun CHEN¹^,², Wei WANG¹^,²

¹ The 36th Research Institute of China Electronics Technology Group Corporation, Jiaxing 314033, China
² National Key Laboratory of Electromagnetic Space Security, Jiaxing 314033, China

Revised:2023-11-14 Online:2023-11-01 Published:2023-11-01
Supported by:
The National Natural Science Foundation of China(U20B2050)

摘要/Abstract

摘要：

为解决传统公钥密码体制下的可搜索加密方案检索效率低、关键词索引存储开销大、索引不支持动态更新等问题，基于计数布隆过滤器良好的空间和时间效率判断元素是否属于某个集合的特性，将此特性应用于可搜索加密建立关键词索引，即将关键词集合映射到一个二进制向量中，从而降低关键词存储开销；同时，利用计数布隆过滤器可删除的特性实现关键词索引的动态更新。此外，为防止敌手通过统计分析手段从二进制向量中推断出关键词明文信息，将二进制向量利用置换进行盲化，然后将置换利用属性加密进行秘密共享，合法用户正确生成关键词陷门后，服务商基于用户的关键词陷门帮助用户完成关键词匹配查询。最后，安全性分析和仿真实验证明了方案的安全性和高效性。

关键词: 可搜索加密, 计数布隆过滤器, 属性加密, 置换

Abstract:

To address the problems of low retrieval efficiency of searchable encryption scheme under traditional public key cryptosystem, high storage overhead of keyword index, and index does not support dynamic update, based on the good space and time efficiency of counting Bloom filter to determine whether an element belongs to a certain set, the feature into searchable encryption was applied to establish keyword index, thus, the keyword set was mapped into a binary vector, thereby reducing the keyword storage cost.Simultaneously, the feature of counting Bloom filter can be deleted was used to realize the dynamic update of keyword index.In addition, to prevent adversaries from inferring keyword plaintext information from binary vectors through statistical analysis, the binary vector was blinded by permutation, and then the permutation was encrypted by attribute-based encryption for secret sharing.After legitimate users generated keyword traps correctly, the service provider helped users complete keyword matching queries based on the user’s keyword trapdoor.Finally, the security and efficiency of the scheme were proved through security analysis and simulation experiments.

Key words: searchable encryption, counting Bloom filter, attribute-based encryption, permutation

中图分类号:

TP393

李志单, 陈勇群, 王巍. 基于计数布隆过滤器的属性基多关键词可搜索加密方案[J]. 电信科学, 2023, 39(11): 116-127.

Zhidan LI, Yongqun CHEN, Wei WANG. Attribute-based multi-keyword searchable encryption scheme based on counting Bloom filters[J]. Telecommunications Science, 2023, 39(11): 116-127.

图/表 14

表1

图1

图2

图3

表2

方案涉及的符号含义"

符号	含义
S	用户属性集
SK_S	属性加密密钥
sk	对称加密密钥
W_f	f 的关键词集合
W _f＇	f 的更新后关键词集合
$\tilde{W}$	查询关键词集合
$T$	访问控制树
σ	置换
$T_{W^{*}}$	W ^*对应陷门
C	f 对应对称加密密文
CT₁	σ和sk对应公钥密文
CT₂	W 对应密文索引
n	W 中的关键词个数
t	W ^*中的关键词个数
Y	$T$ 中的叶子节点集合
$\| Y \|$	$T$ 中的叶子节点个数
s	访问控制树根节点处的秘密共享私密值
m	计数布隆过滤器向量长度
l	数值n的比特长度

表2

图4

表3

表4

存储效率对比"

功能	文献[10]方案	文献[14]方案	本文方案
密钥存储	$(1 + 2 \| S \|) \cdot \| G \|$	$(1 + 2 \| S \|) \cdot \| G \|$	$(1 + 2 \| S \|) \cdot \| G \|$
密文存储	$(3 + n + 2 \| Y \|) \cdot \| G \|$	$(2 + 2 \| Y \|) \cdot \| G \| + 8 m \cdot bit$	$(2 + 2 \| Y \|) \cdot \| G \| + 8 m \cdot bit$
关键词陷门存储	$(3 + 2 \| S \|) \cdot \| G \|$	≤ ntl	≤ ntl
注：l表示数值n的比特长度。

表4

图5

图6

图7

图8

图9

图10

参考文献 15

[1]	ARMBRUST M , FOX A , GRIFFITH R ,et al. A view of cloud computing[J]. Communications of the ACM, 2010,53(4): 50-58.
[2]	YU Y , LI Y N , AU M H ,et al. Public cloud data auditing with practical key update and zero knowledge privacy[M]// Information security and privacy. Cham: Springer International Publishing, 2016: 389-405.
[3]	KAMARA S , LAUTER K . Cryptographic cloud storage[M]// Financial cryptography and data security. Heidelberg: Springer, 2010: 136-149.
[4]	ARORA R , PARASHAR A . Secure user data in cloud computing using encryption algorithms[J]. International Journal of Engineering Research and Applications, 2013,3(4): 1922-1926.
[5]	SONG D X , WAGNER D , PERRIG A . Practical techniques for searches on encrypted data[C]// Proceeding of 2000 IEEE Symposium on Security ＆ Privacy. Piscataway:IEEE Press, 2000.
[6]	BONEH D , DI CRESCENZO G , OSTROVSKY R ,et al. Public key encryption with keyword search[C]// Proceeding of 2004 International Conference on The Theory and Applications of Cryptographic Techniques. Heidelberg:Springer, 2004: 506-522.
[7]	MIAO Y B , MA J F , LIU X M ,et al. m²-ABKS:attribute-based multi-keyword search over encrypted personal health records in multi-owner setting[J]. Journal of Medical Systems, 2016,40(11): 1-12.
[8]	ZHANG R , XUE R , YU T ,et al. PVSAE:a public verifiable searchable encryption service framework for outsourced encrypted data[C]// Proceedings of 2016 IEEE International Conference on Web Services (ICWS). Piscataway:IEEE Press, 2016: 428-435.
[9]	SUN W H , YU S C , LOU W J ,et al. Protecting your right:verifiable attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud[J]. IEEE Transactions on Parallel and Distributed Systems, 2016,27(4): 1187-1198.
[10]	MIAO Y B , MA J F , LIU X M ,et al. Practical attribute-based multi-keyword search scheme in mobile crowdsourcing[J]. IEEE Internet of Things Journal, 2018,5(4): 3008-3018.
[11]	MIAO Y B , MA J F , LIU X M ,et al. Attribute-based keyword search over hierarchical data in cloud computing[J]. IEEE Transactions on Services Computing, 2020,13(6): 985-998.
[12]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// Proceedings of 2007 IEEE Symposium on Security and Privacy (SP’07). Piscataway:IEEE Press, 2007: 321-334.
[13]	ZHENG Q J , XU S H , ATENIESE G . VABKS:Verifiable attribute-based keyword search over outsourced encrypted data[C]// Proceedings of IEEE INFOCOM 2014-IEEE Conference on Computer Communications. Piscataway:IEEE Press, 2014: 522-530.
[14]	张晓敏 . 基于布隆过滤器属性基的多关键词可搜索方案[J]. 计算机与现代化, 2021(8): 104-111.
	ZHANG X M . An attribute-based multi-keyword searchable scheme based on Bloom filters[J]. Computer and Modernization, 2021(8): 104-111.
[15]	李志单 . 云存储中基于属性加密的数据访问控制和隐私保护研究[D]. 北京:北京邮电大学, 2020.
	LI Z D . Research on data access control and privacy protection based on attribute-based encryption in cloud storage[D]. Beijing:Beijing University of Posts and Telecommunications, 2020.

对比项	文献[10]方案	文献[14]方案	本文方案
数据访问控制	√	√	√
密文计算效率高	×	√	√
关键词索引更新	×	×	√
关键词存储代价低	×	√	√

功能	文献[10]方案	文献[14]方案	本文方案
密钥计算	(2+2\|S \|)·E	(2+2\|S \|)·E	(2+2\|S \|)·E
密文计算	(3+n+2\|Y\|)E+\|Y\|H ₁+nH₂	(2+2\|Y\|)E+\|Y\|H ₁+nkH+σ	(2+2\|Y\|)E+\|Y\|H₁+nkH+σ
关键词陷门计算	(3+2\|S\|)E+tH₂	ktH +σ	ktH +σ
密文更新	—	—	nkH +σ
解密和检索匹配	(4+2\|S\|)P+\|S\|E	(1+2\|S\|)P+\|S\|E	(1+2\|S\|)P+\|S\|E

基于计数布隆过滤器的属性基多关键词可搜索加密方案

Attribute-based multi-keyword searchable encryption scheme based on counting Bloom filters

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 14

参考文献 15

相关文章 5

Metrics

推荐阅读 0

[1]	翁昕耀,游林,蓝婷婷. 基于区块链的结果可追溯的可搜索加密方案[J]. 电信科学, 2019, 35(9): 98-106.
[2]	吴国威,樊宁,汪来富,王帅,沈军,金华敏. 云环境下基于属性加密体制算法加速方案[J]. 电信科学, 2019, 35(11): 101-107.
[3]	刘顺兰, 边海波, 胡爱明. 一种基于位反转置换的系统极化码的缩短方法[J]. 电信科学, 2019, 35(10): 77-83.
[4]	俞艺涵,付钰,吴晓平,李洪成. 一种基于同源行为分析的APT异常发现策略[J]. 电信科学, 2016, 32(1): 82-87.
[5]	王映康,罗文俊. 云存储环境下多用户可搜索加密方案[J]. 电信科学, 2012, 28(11): 103-107.